Change references to numeric child/parent IDs which can now be text
[contractdashboard.git] / cutenews / register.php



















































































































































































































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
<?PHP
 
 
 
error_reporting (E_ALL ^E_NOTICE);
require_once("./inc/functions.inc.php");
require_once("./data/config.php");
require_once("./skins/${config_skin}.skin.php");
 
 
 
// Check if CuteNews is not installed
$all_users_db = file("./data/users.db.php");
$check_users = $all_users_db;
$check_users[1] = trim($check_users[1]);
$check_users[2] = trim($check_users[2]);
if((!$check_users[2] or $check_users[2] == "") and (!$check_users[1] or $check_users[1] == "")){
    if(!file_exists("./inc/install.mdu")){ die('<h2>Error!</h2>CuteNews detected that you do not have users in your users.db.php file and wants to run the install module.<br>
    However, the install module (<b>./inc/install.mdu</b>) can not be located, please reupload this file and make sure you set the proper permissions so the installation can continue.'); }
 
        msg("info", "CuteNews Not Installed", "CuteNews is not properly installed (users missing) <a href=index.php>go to index.php</a>");
}
 
 
$register_level = $config_registration_level;
 
if($action == "doregister"){
        if($config_allow_registration != "yes"){  msg("error","Error", "User registration is Disabled"); }
        if(!$regusername){ msg("error","Error !!!", "Username can not be blank"); }
        if(!$regpassword){ msg("error","Error !!!", "Password can not be blank"); }
        if(!$regemail)         { msg("error","Error !!!", "Email can not be blank"); }
 
    $regusername        = preg_replace( array("'<'", "'>'", "'\n'", "'\r'", "'\|'"), array("", "", "", "", ""), $regusername);
    $regnickname        = preg_replace( array("'<'", "'>'", "'\n'", "'\r'", "'\|'"), array("", "", "", "", ""), $regnickname);
    $regemail           = preg_replace( array("'<'", "'>'", "'\n'", "'\r'", "'\|'"), array("", "", "", "", ""), $regemail);
    $regpassword        = preg_replace( array("'<'", "'>'", "'\n'", "'\r'", "'\|'"), array("", "", "", "", ""), $regpassword);
 
    if(!preg_match("/^[\.A-z0-9_\-]{1,15}$/i", $regusername)){ msg("error","Error !!!", "$regusername Your username must only contain valid characters, numbers and the symbol '_'"); }
    if(!preg_match("/^[\.A-z0-9_\-]{1,15}$/i", $regnickname)){ msg("error","Error !!!", "Your nickname must only contain valid characters, numbers and the symbol '_'"); }
    if(!preg_match("/^[\.A-z0-9_\-]+[@][A-z0-9_\-]+([.][A-z0-9_\-]+)+[A-z]{1,4}$/", $regemail)){ msg("error","Error !!!", "Not valid Email."); }
    if(!preg_match("/^[\.A-z0-9_\-]{1,15}$/i", $regpassword)){ msg("error","Error !!!", "Your password must conatain only valid characters and numbers"); }
 
    $all_users = file("./data/users.db.php");
    foreach($all_users as $user_line)
    {
                $user_arr = explode("|", $user_line);
        if($user_arr[2] == $regusername){ msg("error", "Error", "This username is already taken"); }
    }
 
        $add_time = time()+($config_date_adjust*60);
        $regpassword = md5($regpassword);
 
        $old_users_file = file("./data/users.db.php");
        $new_users_file = fopen("./data/users.db.php", "a");
                fwrite($new_users_file, "$add_time|$register_level|$regusername|$regpassword|$regnickname|$regemail|0|0||||\n");
        fclose($new_users_file);
 
        if($config_notify_registration == "yes" and $config_notify_status == "active"){
           send_mail("$config_notify_email", "CuteNews - New User Registered", "New user ($regusername) has just registered:\nUsername: $regusername\nNickname: $regnickname\nEmail: $regemail\n ");
        }
 
        msg("user", "User Added", "You were successfully added to users database.<br>You can now login <a href=index.php>here</a>");
 
 
}elseif($action == "lostpass"){
 
    echoheader("user","Lost Password");
 
    echo"<form method=post action=\"$PHP_SELF\"><table border=0 cellpading=0 cellspacing=0 width=\"654\" height=\"59\" >
    <td width=\"18\" height=\"11\">
    <td width=\"71\" height=\"11\" align=\"left\">
 
    Username<td width=\"203\" height=\"11\" align=\"left\">
        <input type=text name=user seize=20>
    <td width=\"350\" height=\"26\" align=\"left\" rowspan=\"2\" valign=\"middle\">
        If the username and email match in our users database,<br> and email with furher instructions will be sent to you.
        <tr>
        <td width=\"18\" valign=\"top\" height=\"15\">
          <td width=\"71\" height=\"15\" align=\"left\">
          Email
          <td width=\"203\" height=\"15\" align=\"left\">
 
        <input type=text name=email size=\"20\">
 
        </tr>
        <tr>
          <td width=\"18\" valign=\"top\" height=\"15\">
          <td width=\"628\" height=\"15\" align=\"left\" colspan=\"3\">
          &nbsp;
 
        </tr>
        <tr>
          <td width=\"18\" valign=\"top\" height=\"15\">
          <td         width=\"628\" height=\"15\" align=\"left\" colspan=\"3\">
          <input type=submit value=\"Send me the Confirmation\">
        </tr>
        <input type=hidden name=action value=validate>
        <input type=hidden name=mod value=lostpass>
        <tr>
        <td width=\"18\" height=\"27\">
        <td width=\"632\" height=\"27\" colspan=\"3\">
        </tr></table></form>";
 
    echofooter();
 
}elseif($action == "validate"){
 
if(!isset($user) or !$user or $user == '' or !isset($email) or !$email or $email == ''){ msg("error", "Error !!!", "All the fields are required"); }
 
    $found = FALSE;
    $all_users = file("./data/users.db.php");
    foreach($all_users as $user_line){
            $user_arr = explode("|", $user_line);
            if($user_arr[2] == $user and $user_arr[5] == $email){ $sstring = "${user_arr[0]}${user_arr[3]}"; $found = TRUE; break;}
    }
    if(!$found){ msg("error", "Error !!!", "The username/email you enter did not match in our users database"); }
        else{
 
             $confirm_url = "$config_http_script_dir/register.php?a=dsp&s=$sstring";
             $message = "Hi,\n Someone requested your password to be changed, if this is the desired action and you want to change your password please follow this link: $confirm_url .";
 
 
             mail("$email", "Confirmation ( New Password for CuteNews )", $message,
             "From: no-reply@$SERVER_NAME\r\n"
            ."X-Mailer: PHP/" . phpversion()) or die("can not send mail");
 
             msg('info','Confirmation Email',"A confirmation email was sent, please check your inbox for further details.");
        }
 
 
//Do Send Password
}elseif($a == "dsp"){
 
    if($s == "" or !$s){ msg("error", "Error !!!", "All fields are required"); }
    $found = FALSE;
    $all_users = file("./data/users.db.php");
    foreach($all_users as $user_line){
            $user_arr = explode("|", $user_line);
        if($s == "${user_arr[0]}${user_arr[3]}"){ $found = TRUE; break;}
    }
    if(!$found){ msg("error", "Error !!!", "invalid string"); }
        else{
 
                $salt = "abchefghjkmnpqrstuvwxyz0123456789";
                srand((double)microtime()*1000000);
                for($i=0;$i<9;$i++){
                        $new_pass .= $salt{rand(0,33)};
                }
        $md5_pass = md5($new_pass);
 
        $old_db = file("./data/users.db.php");
            $new_db = fopen("./data/users.db.php", w);
            foreach($old_db as $old_db_line){
                $old_db_arr = explode("|", $old_db_line);
                if($s != "${old_db_arr[0]}${old_db_arr[3]}"){
                        fwrite($new_db,"$old_db_line");
                }else{
                        fwrite($new_db,"$old_db_arr[0]|$old_db_arr[1]|$old_db_arr[2]|$md5_pass|$old_db_arr[4]|$old_db_arr[5]|$old_db_arr[6]|$old_db_arr[7]|||\n");
                }
            }
            fclose($new_db);
 
        $message = "Hi $user_arr[2],\n Your new password for CuteNews is $new_pass, please after you login change this password.";
 
        mail("$user_arr[5]", "Your New Password for CuteNews", $message,
             "From: no-reply@$SERVER_NAME\r\n"
            ."X-Mailer: PHP/" . phpversion()) or die("can not send mail");
 
 
        msg("info", "Password Sent", "The new password for <b> $user_arr[2]</b> was sent to the email.");
    }
 
}else{
if($config_allow_registration != "yes"){  msg("error","Error", "User registration is Disabled"); }
        echoheader("user", "User Registration");
 
echo<<<HTML
    <table leftmargin=0 marginheight=0 marginwidth=0 topmargin=0 border=0 height=100% cellspacing=0>
     <form  name=login action="$PHP_SELF" method=post>
     <tr>
       <td width=80>Username: </td>
       <td><input tabindex=1 type=text name=regusername  style="width:134" size="20"></td>
     </tr>
     <tr>
       <td width=80>Nickname: </td>
       <td><input tabindex=1 type=text name=regnickname  style="width:134" size="20"></td>
     </tr>
     <tr>
       <td width=80>Password: </td>
       <td><input tabindex=1 type=text name=regpassword  style="width:134" size="20"></td>
     </tr>
     <tr>
       <td width=80>Email: </td>
       <td><input tabindex=1 type=text name=regemail  style="width:134" size="20"></td>
     </tr>
      <tr>
       <td></td>
       <td ><input accesskey="s" type=submit style="background-color: #F3F3F3;" value='Register'></td>
      </tr>
      <tr>
       <td align=center colspan=2>$result</td>
      </tr>
     <input type=hidden name=action value=doregister>
     </form>
    </table>
HTML;
 
        echofooter();
 
}
?>